Privacy Policy
Last updated: 1 May 2026
This Privacy Policy explains how K CLASS PTY LTD (ABN 82 659 861 882), trading as GlossNow ("GlossNow", "we", "us", "our"), collects, uses, discloses and protects personal information when you use the GlossNow mobile app and website at glossnow.com (together, the "Service"). GlossNow is a booking and business-management platform for service businesses such as hair and beauty salons.
1. Two roles: businesses and their clients
GlossNow is used by two kinds of people, and our responsibilities differ for each:
- Partners and team members — the business owners and staff who hold a GlossNow account and use the admin and calendar tools. For their personal information, we are the data controller.
- Clients — the customers whose details a Partner enters, or who book online. For that client information, the Partner is the controller and GlossNow acts as a processor, handling the data on the Partner's behalf and under their instructions. If you are a client and want your information changed or removed, please contact the business you booked with; you may also contact us and we will assist.
2. Information we collect
- Account and authentication information (Partners and team members) — name, email address, phone number, business and venue details, and account security information. Authentication is provided through Clerk and, depending on the sign-in method you choose, Google or Apple; we receive a user identifier and the profile details above. GlossNow does not receive your Google or Apple password.
- Client information (entered by Partners or provided at booking) — client name, email, phone number, appointment history, and optional partner-entered notes, which may include preferences or allergy and "must-know" notes. This is processed on the Partner's behalf. Some notes (for example allergies or sensitivities) may be health information, which receives a higher level of protection: Partners should record such details only where the client has provided them or agreed to them being recorded, and only to the extent reasonably necessary to provide the requested service. Client notes must not be used as a general-purpose medical record.
- Booking and business data — services, venues, staff schedules, appointments, products and inventory, vouchers and sales records.
- Payment information — card payments are processed by Stripe. Card numbers are entered into and tokenised by Stripe; GlossNow does not receive or store full card numbers. We store non-sensitive details such as the card brand, the last four digits, and the transaction and payout records needed to run the business.
- Photos — profile photos for clients, team members and venues that you choose to upload from your device's photo library or camera.
- Location — only if you use Tap to Pay (accepting in-person card payments on the phone). Apple and our payment provider require access to your device's precise location at the time of an in-person payment for fraud prevention and regulatory compliance. We do not use location for any other purpose and do not track your movements.
- Technical information — basic information needed to operate the app and website, such as app version, device type, and log/diagnostic data tied to a request identifier for troubleshooting. Our website also uses Vercel's privacy-friendly, cookieless analytics to measure aggregate usage (for example, page views and general location by country); it does not use cookies, identify you, or track you across other websites or apps. We do not use advertising or cross-app tracking SDKs.
3. How we use information
We use personal information to:
- provide and operate the Service (accounts, calendar, bookings, clients, products, staff scheduling and vouchers);
- process payments, refunds, fees and payouts;
- send transactional communications you or a Partner have configured, such as booking confirmations, reminders and receipts (email via Resend, SMS via Twilio);
- provide customer support and keep the Service secure and reliable;
- comply with legal, tax and record-keeping obligations.
We rely on the lawful bases of performing our contract with you, our legitimate business interests, your consent (where required, for example device permissions), and compliance with law.
4. No cross-site or advertising tracking
GlossNow does not track you across other companies' apps or websites, does not sell your personal information, and does not use it for third-party advertising. The only analytics we use are Vercel's aggregate, cookieless website analytics described above, which do not identify you. Accordingly, we do not present an App Tracking Transparency prompt.
We do use strictly necessary cookies and similar technologies (such as authentication session cookies set by Clerk, and settings stored on your device) to keep you signed in, protect your account and remember essential preferences. These are required for the Service to work and are not used for advertising or cross-site tracking.
5. Service providers
We may disclose personal information to trusted third-party service providers who help us provide and operate the Service, under contracts that require them to protect it. These may include providers of authentication, payment processing, booking management, database storage, cloud hosting, email and SMS communications, analytics, security, and address or location services.
Our service providers currently include Stripe, Clerk, Supabase, Vercel, Resend, Twilio and Google Maps, depending on the features you use.
We may also disclose information where required by law, to enforce our terms, or to protect the rights, safety and property of GlossNow, our users or others.
6. International transfers
Some of our service providers may store or process personal information outside Australia, including in the United States or other countries where they or their subprocessors operate. Where information is transferred overseas we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles and other applicable privacy law.
7. Data retention
We keep personal information for as long as needed to provide the Service and to meet legal, tax and accounting obligations. Different retention periods apply to different records under Australian requirements: tax and transaction records may need to be kept for at least five (5) years, and certain company and financial records for at least seven (7) years. We retain each category of personal information only for as long as reasonably necessary for the relevant purpose or as required by law, then delete or de-identify it.
8. Your rights and choices
Depending on your location you may have rights to access, correct, delete or export your personal information, and to withdraw consent.
- Account deletion — you can delete your GlossNow account and associated personal information from within the app (Profile → Delete account). Some records may be retained where the law requires (for example, financial records).
- Device permissions — you can grant or revoke photo, camera and location access at any time in your device settings.
- Clients — contact the business you booked with (or us) to exercise your rights over information a Partner holds about you.
To make a request or ask a question, email us at booking.glossnow@gmail.com. We will respond within a reasonable time and in accordance with applicable law. If you access the Service from outside Australia (including the Republic of Korea), additional local privacy rights may apply — contact us and we will help you exercise them.
9. Security
We use technical and organisational safeguards appropriate to the nature of the information we handle. These may include encryption in transit, access controls and role-based authorisation, authentication controls, logging, restricted administrative access, database security measures, and secure on-device storage for credentials. No method of transmission or storage is completely secure, but we work to protect your information and to address issues promptly.
If we become aware of a data breach, we will take steps to contain, assess and remediate it. Where a breach is likely to result in serious harm and notification is required, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
10. Children
A person must be at least 18 years old to hold a Partner or team member (business) account, because those accounts involve a subscription, payment onboarding and other commitments that require legal capacity to enter.
Client (customer) accounts have no strict minimum age — people under 18 do use hair and beauty services. A parent or legal guardian should make or oversee a booking for a younger child, and a Partner may hold a limited client record for a minor where necessary to provide the booked service. Some client information (for example allergy or health notes) may be sensitive information, which we and Partners handle with additional care as described above. Parents or guardians may contact the relevant Partner or us about information relating to a minor.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the "Last updated" date. Material changes will be notified through the Service where appropriate.
12. Contact us
K CLASS PTY LTD
Email: booking.glossnow@gmail.com
ABN: 82 659 861 882
If you have a privacy complaint, we will acknowledge it within a reasonable period, investigate it, and respond explaining the outcome and any action we propose to take. We may need to verify your identity before providing access to, or correcting, personal information.
If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. For complaints concerning health information handled in Victoria, you may also have the right to contact the Victorian Health Complaints Commissioner.